CVE-2014-0468
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-08-06
Assigner: Debian GNU/Linux
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fusionforge | fusionforge | to 5.3\+20140506. (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2014-0468 is a vulnerability in the Apache configuration shipped with FusionForge that allows the web server to execute scripts uploaded by users in their raw SCM repositories (such as SVN, Git, or Bazaar). This happens because the Apache configuration does not sufficiently restrict access to raw repository directories, enabling execution of scripts if an attacker has file-level access to these repositories. Scripts committed through normal repository operations are not affected. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with file-level access to raw SCM repositories to execute arbitrary scripts on the web server. This could lead to unauthorized code execution, potentially compromising the server, stealing data, or performing other malicious actions. It bypasses normal SCM command protections by directly accessing raw repository files. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your Apache configuration for FusionForge allows execution of scripts in raw SCM repository directories. You should inspect the Apache configuration file, typically located at /etc/<forge>/httpd.conf.d/plugin-generic.inc, for the presence or absence of the fixed directives such as ScriptAliasMatch, Alias, DirectoryMatch with Options disabling CGI execution, and handlers disabling scripting engines. Commands to help detect this include: 1) grep -i -A 20 'DirectoryMatch' /etc/<forge>/httpd.conf.d/plugin-generic.inc to review directory restrictions; 2) grep -i 'ScriptAliasMatch' /etc/<forge>/httpd.conf.d/plugin-generic.inc to check script aliasing; 3) apachectl -S or httpd -S to review active Apache configuration; 4) testing if scripts in raw repository directories execute by attempting to access them via HTTP. If scripts execute, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include manually updating the Apache configuration file /etc/<forge>/httpd.conf.d/plugin-generic.inc with the fixed configuration provided by FusionForge. This fixed configuration includes: using ScriptAliasMatch and Alias directives to properly map plugin CGI and anonymous SCM repository paths; applying DirectoryMatch directives to disable directory indexing and CGI execution in raw repository directories; unsetting the Cookie header to prevent cookie theft; disabling all scripting engines by setting the default handler for files matching '?*'; and explicitly disabling the PHP5 engine if mod_php5 is loaded. Additionally, ensure that no scripts are executable in raw SCM repository directories and restrict file-level access to these repositories. Upgrading to FusionForge 5.2 or later with the fix included is recommended when possible. [1]